fix: a LOT of manual typecastings for DB values that should be INTs

This commit is contained in:
Martin Ambrus
2017-10-18 00:33:03 +02:00
parent 96cd79adc9
commit 057f713528
7 changed files with 495 additions and 493 deletions
+1 -1
View File
@@ -164,7 +164,7 @@ class Account {
private function Unreg() {
global $database;
$q = "SELECT * FROM ".TB_PREFIX."activate where id = '".$database->escape($_POST['id'])."'";
$q = "SELECT * FROM ".TB_PREFIX."activate where id = '".$database->escape((int) $_POST['id'])."'";
$result = mysqli_query($GLOBALS['link'],$q);
$dbarray = mysqli_fetch_array($result);
if(md5($_POST['pw']) == $dbarray['password']) {